Entropy and Energy Bounds for Metastability Based TRNG with Lightweight Post-Processing

On-chip True Random Number Generators (TRNG) are important cryptographic primitives in a variety of applications. In advanced CMOS process technologies, intra-die variations in transistor parameters bias the TRNG and degrade the statistics of the bit stream generated. In this work, we present a stochastic model for metastability based TRNG circuit incorporating both the impact of intra-die variations and thermal noise. The stochastic model is used to estimate the expected entropy out of a TRNG at a given process corner for variations in channel length and threshold voltage. We use the stochastic model to study the impact of variations on three lightweight post-processing techniques: von Neumann corrector, XOR function, and PRESENT cipher. The expected bit rate out of von Neumann corrector, number of XOR stages required for entropy extraction and the number of iterations for using PRESENT encryption are estimated for various process corners using the probabilistic entropy values. These analyses are further extended to different device sizing and operating voltage to explore the optimum trade-off between entropy extraction and energy overhead. A combination of HSPICE circuit simulation using 32 nm Predictive Technology models and stochastic modeling in MatLab show that XOR function and von Neumann corrector have an energy overhead ranging from 0.012pJ/bit to 0.15pJ/bit at the cost of decreased yield and bit-rate respectively. PRESENT cipher provides robust entropy extraction by increasing the number of encryption iterations from 1 for to 3 for . With a maximum of 2.52pJ/bit PRESENT provides a more energy efficient solution compared to AES for entropy extraction in power constrained applications.